Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Kaipai
v1.0.1Video file → videoscreenclear or hdvideoallinone + spawn-run-task and sessions_spawn (main session). Image → eraser_watermark or image_restoration + blocking...
⭐ 1· 98·0 current·0 all-time
by@kaipai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The code and SKILL.md implement Kaipai image/video processing (eraser_watermark, videoscreenclear, image_restoration, hdvideoallinone) and use a python CLI as described. MT_AK/MT_SK (Kaipai API keys) are referenced in SKILL.md and skill.json which aligns with the stated paid API purpose. However, the registry summary provided at the top of this report claimed "Required env vars: none", which contradicts the skill.json and SKILL.md metadata that require MT_AK/MT_SK. This metadata inconsistency could confuse hosts or users about what secrets are needed.
Instruction Scope
SKILL.md instructs agents to use the bundled python CLI (scripts/kaipai_ai.py) and to use sessions_spawn for video tasks; that matches the included scripts. But the runtime code also: (1) reads/writes state under ~/.openclaw/workspace/openclaw-kaipai-ai/ (last_task, history), (2) expects TELEGRAM_BOT_TOKEN env var for Telegram delivery, and (3) reads Feishu credentials from ~/.openclaw/openclaw.json. Those file reads/env accesses are not called out in the top-level registry summary and the SKILL.md doesn't list TELEGRAM_BOT_TOKEN or the config path as explicit required inputs. Agents following SKILL.md will therefore access local config and possibly credentials beyond the Kaipai keys unless configured otherwise.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the package includes Python scripts and a requirements.txt (requests, alibabacloud-oss-v2, pytest). That is a moderate, expected footprint for a Python-based skill. No remote arbitrary binary downloads were indicated. Because code is bundled rather than purely instruction-only, installing/running it writes files under the user home (state) and will execute network calls.
Credentials
Requesting MT_AK and MT_SK is proportionate to using the Kaipai paid API. However, the skill also expects TELEGRAM_BOT_TOKEN (used by notifications) and reads Feishu app credentials from ~/.openclaw/openclaw.json — these additional credential/config accesses are not clearly declared in the top-level requirements. The skill writes task history and last_task to ~/.openclaw/workspace/openclaw-kaipai-ai/, which is a persistent local footprint. If you don't need messaging features, those code paths may still attempt to access local config unless the notifier is never invoked.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It persists state under ~/.openclaw/workspace/openclaw-kaipai-ai/ (last_task, history) and reads ~/.openclaw/openclaw.json for Feishu credentials. This is normal behavior for a CLI skill but is a persistent local presence and grants the skill read access to a host OpenClaw config file.
What to consider before installing
This skill appears to implement the Kaipai image/video processing it advertises, but there are several inconsistencies and undeclared accesses you should consider before installing:
- Metadata mismatch: the top-level registry summary you provided says "no required env vars" but SKILL.md and skill.json require MT_AK and MT_SK. Treat MT_AK/MT_SK as mandatory Kaipai API credentials.
- Undeclared credential/config access: the code will look for TELEGRAM_BOT_TOKEN (for Telegram delivery) and will read Feishu app credentials from ~/.openclaw/openclaw.json by default. If you do not want the skill to access those credentials, do not set them systemwide or run in an environment where those files exist. Consider isolating keys in a dedicated account or container.
- Persistent state: the skill writes last_task and history under ~/.openclaw/workspace/openclaw-kaipai-ai/ (files are created and stored in your home directory). If you are concerned about persistence, check/clean that directory after use.
- Network behavior and billing: the skill calls external services (Kaipai API, Feishu, Telegram, OSS). Kaipai is a paid, quota-based API (do not assume free). Ensure MT_AK/MT_SK are tenant keys you intend to consume and monitor billing. Verify endpoints are the official ones in the code if you must be certain of where data is sent.
Recommended actions before enabling/installing:
1. Inspect scripts/kaipai_ai.py and sdk/core/* to confirm endpoints and that no unexpected endpoints exist. 2. If you will use messaging delivery, decide whether to provide TELEGRAM_BOT_TOKEN or Feishu config; otherwise do not set them. 3. Run python3 scripts/kaipai_ai.py preflight in a safe environment to confirm behavior. 4. If you lack confidence in the owner, run the skill in an isolated container or sandbox and avoid exposing high-privilege credentials. 5. Ask the publisher to correct the registry metadata so required env vars and config paths are explicit.
If you want, I can point out exact lines that read ~/.openclaw/openclaw.json, references to TELEGRAM_BOT_TOKEN, or produce a short checklist for a secure preflight run.Like a lobster shell, security has layers — review code before you run it.
latestvk974x6sz1vz88tqqt1y4fp05ws84swzy
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🖼️ Clawdis
Binspython3